


> from: "Adam Lang" <aalang@xxxxxxxxxxxxxxxxxxxx>
> What on earth are you talking about? Who cares how
> many firewalls are between the public internet and the
> webserver?

I'm talking about company controlled LAN segments separating an iSeries
server from the Internet.  Access to LAN segments is controlled through
firewalls.  I'm talking about connecting the iSeries to a LAN segment as
opposed to connecting it directly to the Internet.

> Your firewalls are routing the traffic for you.

The main purpose of the firewall is to filter traffic.  I brought it up
because Chris Bipes described a home-grown Windows based service essentially
filtering traffic to the AS/400.  In general, would one rather have
firewalls filtering traffic to the AS/400, or home-grown Windows
applications?

> So if you have 5 firewalls, it doesn't matter.

Firewalls are used to define network zones.  Several people have commented
about the value of a DMZ, for example.

The purpose and scope of firewalls may be an overly broad topic.  But one
firewall may filter DOS attacks, while another filters NETBIOS traffic,
while another filters ports, depending on the purpose of the firewall and the
scope of each LAN segment controlled by the firewall.

> You still pass the person from outside to the webserver.

Not to be pedantic, but a firewall may pass a "message" not a "person".  I'm
suggesting that an HTTP Server under OS/400 is generally more secure than an
HTTP server under Windows, Linux, and Unix.  I'm also suggesting that
simpler single platform application interfaces are less vulnerable than
complex multi platform ones.

I hear of many shops opening an HTTP port to a Windows server, then opening
the ODBC data ports from the Windows server to the iSeries.  In contrast,
opening just iSeries HTTP services for selected applications is easier to
secure than locking down ODBC services.

For data access, the HTTP server passes a request to an application.
Otherwise the HTTP server won't provide access to the database.  My
suggestion is that application level security be handled by iSeries
applications for performance, simpler and easier to administer interfaces,
and because the base OS is more secure.

I'm suggesting that dividing applications between two platforms is generally
more vulnerable, more difficult to develop and administer, poorer
performing, and unnecessary when the data resides on an iSeries.

Nathan M. Andelin
www.relational-data.com




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
